<?php include("session.inc.php"); ?>
<?php require_once("../common/config.inc.php");?>
<?php include("../common/db.inc.php"); ?>
<?php 
// Page state shared with the HTML template further down, always accessed via $GLOBALS.
// NOTE(review): at file scope this `global` statement only matters if the file is
// ever included from inside a function; otherwise it is a no-op.
global $divDisplayStyle,$operateResult,$currentUser;

	// Process the request (if any) before the template is rendered.
	init();		
	
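	/**
	 * Handle the current request and publish the view state for the template.
	 *
	 * Writes $GLOBALS["divDisplayStyle"] (CSS display values for "operateDiv" and
	 * "operateResultDiv"), $GLOBALS["operateResult"] (status message) and
	 * $GLOBALS["currentUser"] (row returned by getUser(), or null).
	 *
	 * Everything the browser script checks is advisory only, so the checks that
	 * matter for a password change are repeated here on the server.
	 */
	function init(){
		// Array keys are quoted: bare words are looked up as constants, which raises
		// a notice on older PHP versions and a fatal error on PHP 8.
		$GLOBALS["divDisplayStyle"]=array();

		// Read each field defensively. The page is also loaded with a plain GET, and
		// a request may carry arrays (userid[]=...) where strings are expected.
		$fields=array();
		foreach(array("operation","userid","password","newPassword","passwordVerify") as $name){
			$fields[$name]=(isset($_POST[$name]) && is_string($_POST[$name])) ? $_POST[$name] : "";
		}

		// No change requested: show the form, hide the result area.
		if($fields["operation"]!=="changePass"){
			$GLOBALS["divDisplayStyle"]["operateDiv"]="display:inline";
			$GLOBALS["divDisplayStyle"]["operateResultDiv"]="display:none";
			return;
		}

		// From here on a result is always shown; the form stays visible unless the
		// change succeeds.
		$GLOBALS["currentUser"]=null;
		$GLOBALS["divDisplayStyle"]["operateDiv"]="display:inline";
		$GLOBALS["divDisplayStyle"]["operateResultDiv"]="display:inline";

		// The verification field was previously compared only in the browser.
		// NOTE(review): the "4-8 letters and digits" rule is still enforced only by
		// the browser script; decide on a server-side policy and add it here.
		if($fields["newPassword"]==="" || $fields["newPassword"]!==$fields["passwordVerify"]){
			$GLOBALS["operateResult"]="New password is empty or does not match the verification!";
			return;
		}

		// The form pre-fills userid from the session and marks it readonly, but a
		// readonly input is not a server-side control. Only the logged-in account
		// may be changed. Assumes $_SESSION["user"] holds the userid - confirm
		// against session.inc.php.
		$sessionUser=(isset($_SESSION["user"]) && is_scalar($_SESSION["user"])) ? (string)$_SESSION["user"] : "";
		if($sessionUser==="" || $fields["userid"]!==$sessionUser){
			$GLOBALS["operateResult"]="Invalid UserID or Password!";
			return;
		}

		// Re-authenticate with the old password before accepting the new one.
		$GLOBALS["currentUser"]=getUser($fields["userid"],$fields["password"]);
		if($GLOBALS["currentUser"]==null){
			$GLOBALS["operateResult"]="Invalid UserID or Password!";
			return;
		}

		modifyUserPass($fields["userid"],$fields["newPassword"]);
		$GLOBALS["operateResult"]="Password Changed Succeed!";
		$GLOBALS["divDisplayStyle"]["operateDiv"]="display:none";
	}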
	
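	/**
	 * Look up the user row matching a userid and password.
	 *
	 * @param string $userid   account id as submitted by the client (untrusted)
	 * @param string $password clear-text password as submitted (untrusted)
	 * @return mixed first row returned by executeQuery(), or null when the input
	 *               is rejected or no row matches
	 */
	function getUser($userid,$password){
		// $userid is interpolated into the SQL text below, so it must never carry
		// quote or other SQL-significant characters. The helper API visible here
		// (executeQuery($sql,$connection)) takes a finished string, so the value
		// is constrained before it reaches the query.
		// NOTE(review): the allowed alphabet and the 20-character cap (taken from
		// the form's maxLength) are assumptions; confirm against real userids.
		// The durable fix is a prepared-statement path in db.inc.php.
		if(!is_string($userid) || !is_string($password)
			|| !preg_match('/\A[A-Za-z0-9_.@-]{1,20}\z/',$userid)){
			return null;
		}

		// md5() output is hexadecimal only, so $password is safe to embed.
		// NOTE(review): unsalted MD5 is a fast hash and unsuitable for password
		// storage. Moving to password_hash()/password_verify() needs a migration
		// of the stored hashes, so it is flagged here rather than changed.
		$password=md5($password);
		$sql = "SELECT * FROM medcdb.t_user where userid='$userid' and password='$password'";
		$connection=getMEDCConnection();
		$userArray=executeQuery($sql,$connection);

		// An empty result previously triggered an undefined-offset notice.
		return isset($userArray[0]) ? $userArray[0] : null;
	}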
	
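	/**
	 * Store a new password hash for the given user.
	 *
	 * The caller is responsible for authenticating the request first; this
	 * function performs no authorisation of its own.
	 *
	 * @param string $userid      account id (untrusted)
	 * @param string $newPassword clear-text new password (untrusted)
	 */
	function modifyUserPass($userid,$newPassword){
		// $userid ends up inside the WHERE clause of an UPDATE, so a value that
		// breaks out of the quotes could widen the update to other rows. Constrain
		// it before building the statement.
		// NOTE(review): the allowed alphabet and length are assumptions; confirm
		// against real userids. The durable fix is a prepared-statement path in
		// db.inc.php.
		if(!is_string($userid) || !is_string($newPassword)
			|| !preg_match('/\A[A-Za-z0-9_.@-]{1,20}\z/',$userid)){
			return;
		}

		// md5() output is hexadecimal only, so the hash is safe to embed.
		// NOTE(review): unsalted MD5 is unsuitable for password storage; switching
		// to password_hash() needs a migration of the stored hashes.
		$newPassword=md5($newPassword);
		$sql = "update medcdb.t_user set password='$newPassword' where userid='$userid'";
		$connection=getMEDCConnection();
		executeUpdate($sql,$connection);
	}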
	
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<meta name="keywords" content="" />
<meta name="Description" content="" />
<meta name="author" content="" />
<title>User Change Password Page</title>
<link rel="stylesheet" type="text/css" href="../css/medc.css" />
<script language="JavaScript" type="text/javaScript" src="../js/medc_common.js"></script>
<script language="JavaScript" type="text/javascript">	
	/**
	 * Submit the password form with the requested operation.
	 *
	 * Runs validate() first and does nothing when it reports a problem.
	 * This is a convenience check in the browser only; it does not protect
	 * the server, which can be sent the same POST without this script.
	 */
	function doPost(operation){
		var fieldsOk=validate();
		if(fieldsOk!=false){
			// Record which operation the server should perform, then post the
			// form to the action already declared on the <form> element.
			var operationField=document.getElementById("operation");
			operationField.value=operation;
			document.forms["medcform"].submit();
		}
	}
	
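	/**
	 * Check the password form in the browser before it is submitted.
	 *
	 * Alerts on the first problem found and returns false; returns true when
	 * every check passes. isWhitespace() and isNumAndAlpha() are not defined
	 * in this file (presumably they come from medc_common.js).
	 *
	 * These checks are advisory: a request can reach the server without
	 * running this script, so the server must not rely on them.
	 */
	function validate(){
		var userid=document.getElementById("userid").value;
		var password=document.getElementById("password").value;
		var newPassword=document.getElementById("newPassword").value;
		var passwordVerify=document.getElementById("passwordVerify").value;

		// Every field is required; the label is used in the alert text.
		var checkList=[
			["userid",userid],
			["password",password],
			["new Password",newPassword],
			["password Verify",passwordVerify]
		];
		for(var i=0;i<checkList.length;i++){
			if(isWhitespace(checkList[i][1])){
				alert(checkList[i][0]+ " can not be empty!");
				return false;
			}
		}

		if(newPassword.length>8 || newPassword.length<4){
			alert("password length is 4-8!");
			return false;
		}
		if(isNumAndAlpha(newPassword)==false){
			alert("password should only contain numbers and alphabets!");
			return false;
		}

		// The two new-password fields must agree. Previously the alert was shown
		// but the function still returned true, so a mismatched (possibly
		// mistyped) password was submitted anyway.
		if(newPassword!=passwordVerify){
			alert("Password doesn't match! Pleas try again.");
			return false;
		}
		return true;
	}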
</script>
</head>

<body>
<!--Top area-->
	<div id="toparea">
		<?php include "../common/header.inc.php"?>
	</div>
	<div id="menu">
		<?php include "UserMenu.inc.php";?>
	</div>	

	<!--Main area-->
	<div id="mainarea">
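		<form action="UserChangePass.php" method="post" name="medcform">
		<input type="hidden" name="operation" id="operation" />
		<?php /* Every dynamic value is HTML-escaped for the context it lands in (attribute or text).
		         Full <?php tags are used because short tags depend on server configuration, and
		         array keys are quoted so they are not looked up as constants. */ ?>
		<div id="operateResultDiv" style="<?php echo htmlspecialchars($GLOBALS["divDisplayStyle"]["operateResultDiv"], ENT_QUOTES, "UTF-8"); ?>" >
			<div align="center"><?php echo htmlspecialchars(isset($GLOBALS["operateResult"]) ? $GLOBALS["operateResult"] : "", ENT_QUOTES, "UTF-8"); ?></div>
		</div>
		<div id="operateDiv" style="<?php echo htmlspecialchars($GLOBALS["divDisplayStyle"]["operateDiv"], ENT_QUOTES, "UTF-8"); ?>" >
			<table>
				<tr>
					<td align="left"><label for="userid">User Id</label></td>
					<?php /* readonly is a display hint only; the server must not trust the posted userid. */ ?>
					<td align="left"><input type="text" name="userid" id="userid" maxLength="20" size="20" readonly value="<?php echo htmlspecialchars(isset($_SESSION["user"]) ? (string)$_SESSION["user"] : "", ENT_QUOTES, "UTF-8"); ?>"/></td>
				</tr>
				<tr>
					<td align="left" style="width:120px;" valign="bottom"><label for="password">Old Password</label></td>
					<td align="left">
						<input type="password" name="password" id="password" maxLength="10" size="20" />
					</td>
				</tr>
				<tr>
					<td align="left" valign="bottom"><label for="newPassword">New Password</label></td>
					<td align="left">
						<input type="password" name="newPassword" id="newPassword" maxLength="10" size="20" />
						<label for="newPassword" >(4-8 numbers and alphabets)</label>
					</td>
				</tr>
				<tr>
					<td align="left" valign="bottom"><label for="passwordVerify">Verify Password</label></td>
					<td align="left">
						<input type="password" name="passwordVerify" id="passwordVerify" maxLength="10" size="20" />
					</td>
				</tr>
				<tr>
					<td>&nbsp;</td>
					<td align="left" style="padding-top:10px;">
						<input type="button" name="Submit" value="Submit" id="Submit" onclick="doPost('changePass')" />
					</td>
				</tr>
			</table>
		</div>
		</form>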
	</div>
	
	<div class="myclear"></div>
	<div id="footer">
		<?php include "../common/footer.inc.php";?>
	</div>
</body>
</html>
